×

IDMWORKS Blog

Enabling Strong Authentication for Users of Single Sign-On (SSO) Applications in SailPoint IdentityNow


Strong Authentication can be configured as a requirement for all authenticated users of IdentityNow.  When this is configured, users will only be able to launch any Applications (App) after they supply additional information verifying their identity.

These additional information could be:
● Verification codes sent via email or text message
● Security Questions
● Re-entering Passwords
● RSA SecurID

These are the steps to configure this capability:
● Network Settings
● Trusted Countries
● Strong Authentication

Network Setting

Log in as Administrator, navigate to Admin > Global > System Settings > Network Settings > Network Definitions

Populate into the field provided in the screenshot above with the IP address ranges for your corporate network and press the “Save” button when completed.

Click “Add” button to add more IP ranges as may be required.

Trusted Countries

Log in as Administrator, navigate to Admin > Global > System Settings > Network Settings > Trusted Countries

Populate into the field provided in the screenshot above the names of the Countries you want to either Blacklist or Whitelist. This field will auto-fill with appropriate value once you start typing. Press the “Save” button when completed.

Click “Add” button to add more Countries to the list as may be required.

Strong Authentication

Log on as Administrator, navigate to Admin > Applications > [Desired App] > Settings > Strong Authentication

From this page, you can select your desired options and then click the “Save” button. This will in-turn enforce the following category of users to supply additional information depending on your choice.

● All users – Every authenticated user
● Off-Network – Everyone outside of the corporate network
● Untrusted Geographies – Everyone accessing resources from untrusted Countries

Sample Launchpad Display for Strong Authentication Apps

When a user authenticates into IdentityNow and they are required to perform Strong Authentication, the below screenshot displays how the App icon will display for them. They will not be able to launch the App until they supply additional information which verifies their identity.

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.

Leave a Reply

Your email address will not be published. Required fields are marked *